How K–12 School Districts Can Best Prepare for Ransomware Recovery

Karen Scarfone is the principal consultant for Scarfone Cybersecurity. She previously worked as a senior computer scientist for the National Institute of Standards and Technology.

No matter how many layers of security school districts put in place to stop ransomware, it’s inevitable that, at some point, an endpoint will be infected. Since January 2016, there have been 355 cybersecurity-related incidents against K–12 schools, including ransomware attacks, according to the K–12 Cybersecurity Resource Center.

In 2016, 60 percent of K–12 schools hit with ransomware decided to pay attackers in order to get back control of their data, according to analysis from the Department of Education. In response, the Education Department has provided a number of resources to encourage better cybersecurity practices.

However, by investing in proper planning, districts can ensure that if ransomware encrypts an endpoint’s files, there will be no need to pay a ransom to recover them. Instead, schools can simply restore the data from the last backup.

Create Avenues for Quick Endpoint Recovery

School districts also should be able to quickly rebuild ransomware-infected endpoints, which would wipe out the ransomware and return the endpoint to a clean state.

As with backups, school districts should already have the ability to rapidly rebuild endpoints and ensure they’re properly secured, because the same actions are needed for many malware-infected endpoints.

When creating a recovery system, it is important to have recovery time objectives and recovery point objectives in mind, according to Unitrends.

RTO is the maximum amount of time a district can afford to be without access to its data or systems, while RPO is the maximum amount of data a district can afford to lose. By setting up recovery solutions built with RPO and RTO in mind, IT teams can ensure the damage sustained from a ransomware attack will be minimal.
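One way to check a backup schedule against these two targets is sketched below as an added example; it is not from the original article or from Unitrends. The backup catalog, the per-system targets, the restore throughput and the rebuild time are all constructed assumptions. A failed backup job is included because it silently widens the window of data that could be lost.

```python
from datetime import datetime, timedelta

# Constructed sample catalog: (system, job finish time, succeeded, size in GB)
CATALOG = [
    ("sis-db", datetime(2024, 3, 4, 1, 0), True, 120),
    ("sis-db", datetime(2024, 3, 5, 1, 0), False, 0),   # failed nightly job
    ("sis-db", datetime(2024, 3, 6, 1, 0), True, 122),
    ("file-srv", datetime(2024, 3, 5, 22, 0), True, 900),
    ("file-srv", datetime(2024, 3, 6, 4, 0), True, 905),
]

# Assumed district targets per system: (RPO, RTO)
TARGETS = {
    "sis-db": (timedelta(hours=24), timedelta(hours=4)),
    "file-srv": (timedelta(hours=12), timedelta(hours=4)),
}

def assess(catalog, targets, now, restore_gb_per_hour, rebuild_time):
    """Compare worst-case data loss and estimated restore time with RPO/RTO."""
    report = {}
    for system, (rpo, rto) in targets.items():
        # Only successful jobs count as restore points.
        good = sorted((t, gb) for name, t, ok, gb in catalog if name == system and ok)
        if not good:
            report[system] = {"worst_loss": None, "restore_time": None,
                              "rpo_ok": False, "rto_ok": False}
            continue
        # Worst-case loss is the longest stretch without a usable restore
        # point, including the time since the most recent one.
        times = [t for t, _ in good] + [now]
        worst_loss = max(later - earlier for earlier, later in zip(times, times[1:]))
        # Restore time: rebuild the endpoint, then copy back the latest backup.
        restore_time = rebuild_time + timedelta(hours=good[-1][1] / restore_gb_per_hour)
        report[system] = {"worst_loss": worst_loss, "restore_time": restore_time,
                          "rpo_ok": worst_loss <= rpo, "rto_ok": restore_time <= rto}
    return report

if __name__ == "__main__":
    now = datetime(2024, 3, 6, 9, 0)  # constructed time of the incident
    result = assess(CATALOG, TARGETS, now, restore_gb_per_hour=200,
                    rebuild_time=timedelta(hours=1))
    for system, row in result.items():
        print(system, row)
```

With this sample data the database misses its RPO because of the failed job, while the file server meets its RPO but misses its RTO because of the volume of data to restore.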

Disaster Recovery as a Service Can Help Ease the Burden

For K–12 IT teams in some districts, picking up the pieces after a ransomware attack can be a heavy load — and, with limited resources, may take longer than administrators would like.

To help districts, some companies offer Disaster Recovery as a Service as part of their platforms. Microsoft, for example, has DRaaS services incorporated into its Azure cloud platform.